Screen OS

  • 1.  Forward a VIP to a public IP

    Posted 11-19-2013 08:37

    We have two sites with SSG-140s at both.  Our main site has several different services running from a VIP to internal services.  The second site is a failover site, and we plan to handle all the failover traffic via DNS and other means, but we have one service that is bound to a specific public IP that, during a maintenance failover, we want to forward from Site 1 to Site 2. Well aware that this does us no good in a true emergency, but it does allow us to run 98% of the site elsewhere and pull the servers down for maintenance and replacement with just the Juniper equipment running.


    So, the goal is to have a policy that can be activated that will take traffic that normally is a VIP to an internal IP and forward it to an external IP at our Site 2.  I would love for this part of the failover process to be as simple as checking a box, or to be able to script enabling a policy via the terminal.


    Questions - Can a VIP go to an external address?  Making the VIP address an external IP does not seem to work in testing.  I've also attempted an inter-zone nat-dest policy that seems to be ignored.  

    Alternatively, there is a VPN between these two locations.  Can I route a VIP destination over the VPN? What would be involved?

    Thanks

    Pete

  • 2.  RE: Forward a VIP to a public IP
    Best Answer

    Posted 11-25-2013 09:07

    Ended up talking to support on this.  Simply came down to an untrust to untrust policy using DST-NAT.

    Source is any, destination is the IP the traffic is destined for.  Enter the IP of the desired recipient of the traffic in DST-NAT. 


    The catch I was running into was that I had a VIP enabled.  What most probably already knew was that the VIP will always be read and used before the policy.  Removing the VIP, or just using a different port that was not a VIP, worked.
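A ScreenOS CLI rendering of the fix described in this answer, added here as an illustration and not taken from the thread or from Juniper. The interface name, addresses, service and policy id are constructed placeholders (198.51.100.10 as the Site 1 public IP, 203.0.113.20 as the Site 2 host, HTTPS as the service); the `##` lines are annotations, not CLI input.

```screenos
## Added example (not from the thread). Assumed values: Site 1 public IP 198.51.100.10,
## Site 2 public IP 203.0.113.20, untrust interface ethernet0/0, service HTTPS, policy id 50.

## 1. Make sure no VIP claims the same IP/port: a VIP is matched before policy lookup,
##    so a VIP entry for this IP/port would silently win over the DST-NAT rule below.
unset interface ethernet0/0 vip 198.51.100.10 443

## 2. Address-book entries for the two public IPs, both in the Untrust zone.
set address Untrust "site1-svc-pub" 198.51.100.10 255.255.255.255
set address Untrust "site2-svc-pub" 203.0.113.20 255.255.255.255

## 3. Untrust-to-untrust policy: any source, destination = the Site 1 public IP,
##    rewrite the destination to the Site 2 host (DST-NAT) and permit. Logging is on so
##    the failover traffic is visible in the policy log.
set policy id 50 from "Untrust" to "Untrust" "Any" "site1-svc-pub" "HTTPS" nat dst ip 203.0.113.20 permit log

## 4. Failover switch: keep the policy disabled day-to-day, enable it from the terminal
##    (or a script) during the maintenance window, and disable it again afterwards.
set policy id 50 disable
## ... at failover time:
unset policy id 50 disable

## 5. Verify the rule is installed and that new sessions are being translated.
get policy id 50
get session dst-ip 203.0.113.20
```

Because the policy only rewrites the destination, return traffic from the Site 2 host still needs a path back through Site 1; check the `get session` output for the translated sessions before relying on the switch-over.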